UPDATED 01:35 EDT / OCTOBER 04 2016

DressCode Trojan malware discovered in over 400 Google Play Android apps

New research has discovered more than 400 apps available on the Google Play Android app store that are infected with the DressCode Trojan.

Trend Micro Inc. said the malware, also detected as ANDROIDOS_SOCKSBOT.A, was found in over 3,000 Android apps outside of Google Play as well.

The malware disguises itself as a legitimate application, such as a game, skin, theme or phone optimization booster, to entice the user to download it. In most cases the apps actually work, with the trojan being only a small part of the overall code base. Distribution of the malware may be in the millions, with one particular app, a Grand Theft Auto-related modification for Minecraft, having been downloaded between 100,000 and 500,000 times.

Once installed, DressCode communicates with a command and control server and sets up a socket secure (SOCKS) proxy to relay traffic between the attackers and the internal network servers that the compromised device connects to, creating a potentially huge risk for an enterprise network.

According to Trend Micro’s Echo Duan:

This malware allows threat actors to infiltrate a user’s network environment. If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard. With the growth of Bring Your Own Device (BYOD) programs, more enterprises are exposing themselves to risk via carefree employee mobile usage. According to Trend Micro data, 82% of businesses implement BYOD or allow employee personal devices for work-related functions. While this program can increase employee productivity, it can also make companies vulnerable to malware like DressCode.

Protection

It probably goes without saying that the best way to avoid being affected by malware such as DressCode is to practice safe Internet use. Along with installing a virus scanner on your phone, Trend Micro recommends that when you download a new app, you ensure it comes from a legitimate app store and check reviews online and on the download page to make sure it’s not a malicious app. In addition, the company recommends that Android be updated regularly, although given the dysfunction of the Android update system, that may be a hard ask.

Image credit: jlascar/Flickr/CC by 2.0
